<?php
class App_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    /**
     * Check access authorization
     * 
     * @param Zend_Controller_Request_Abstract $request
     * @throws Exception Not access
     * 
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        try {
            $object = Zend_Session::namespaceGet('Zend_Object');
            
            $auth = Zend_Auth::getInstance();
            $identity = $auth->getIdentity();
            
            $resource =
                $request->getModuleName() . '_' .
                $request->getControllerName();
            $privileg = $request->getActionName();
            
            // if role not admin
            if($object['acl']->has('all')) {

            } else if($object['acl']->has($resource) === FALSE ||
                      $object['acl']->isAllowed(
                          $identity['username'],
                          $resource,
                          $privileg)) {

                $request->setModuleName('error')
                    ->setControllerName('error')
                    ->setActionName('app')
                    ->setParams(array('message' => 'Berechtigungen für diesen Bereich fehlen!', 'back' => 'javascript:history.back()'));
            }
        } catch (Zend_Exception $e) {

            error_log($e);
        }
    }
}